Mac address table-based frame forwarding, Configuring the mac address table – H3C Technologies H3C S10500 Series Switches User Manual


Blackhole entries, which are manually configured and never age out. Blackhole entries are configured for filtering out frames with specific source or destination MAC addresses. For example, to block all packets destined for a specific user for security concerns, you can configure the MAC address of this user as a blackhole MAC address entry.

To adapt to network changes and prevent inactive entries from occupying table space, an aging mechanism is adopted for dynamic MAC address entries. Each time a dynamic MAC address entry is obtained or created, an aging timer starts. If the entry has not been updated when the aging timer expires, the device deletes the entry. If the entry is updated before the aging timer expires, the aging timer restarts.

NOTE:

A static or blackhole MAC address entry can overwrite a dynamic MAC address entry, but not vice versa.

MAC address table-based frame forwarding

When forwarding a frame, the device adopts the following forwarding modes based on the MAC address table:

Unicast mode: If an entry is available for the destination MAC address, the device forwards the frame out of the outgoing interface indicated by the MAC address table entry.

Broadcast mode: If the device receives a frame with the destination address as all-ones, or no entry is available for the destination MAC address, the device broadcasts the frame to all the interfaces except the receiving interface.
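The following Python model is an added example, not code from the H3C manual or the device software. It puts the rules described above into one table: dynamic entries age out, manual (static or blackhole) entries overwrite dynamic ones but not the reverse, blackhole entries filter frames by source or destination, and the forwarding decision is unicast or broadcast. The class and method names, the 300-second aging value, and the port names are assumptions; the model does not cover what the device does with a frame whose source MAC conflicts with a static entry, only that the table is not overwritten.

```python
from dataclasses import dataclass
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"   # all-ones destination address

@dataclass
class Entry:
    kind: str              # "dynamic", "static" or "blackhole"
    port: Optional[str]    # outgoing interface; None for a blackhole entry
    updated: float = 0.0   # last refresh time, only meaningful for dynamic entries

class MacTable:
    def __init__(self, ports, aging=300):   # aging value in seconds is an assumption
        self.ports, self.aging, self.entries = list(ports), aging, {}

    def configure(self, mac, kind, port=None):
        """Manual static/blackhole entry: overwrites any dynamic entry for mac."""
        self.entries[mac] = Entry(kind, port)

    def learn(self, mac, port, now):
        """Create or refresh a dynamic entry; never overwrite a manual one."""
        cur = self.entries.get(mac)
        if cur is not None and cur.kind != "dynamic":
            return False
        self.entries[mac] = Entry("dynamic", port, now)   # restarts the aging timer
        return True

    def age_out(self, now):
        """Delete dynamic entries whose aging timer expired; return their MACs."""
        expired = [m for m, e in self.entries.items()
                   if e.kind == "dynamic" and now - e.updated >= self.aging]
        for m in expired:
            del self.entries[m]
        return expired

    def forward(self, src, dst, in_port, now):
        """Return the list of interfaces the frame is sent out of ([] = filtered)."""
        self.age_out(now)
        for mac in (src, dst):
            e = self.entries.get(mac)
            if e is not None and e.kind == "blackhole":
                return []                      # blackhole source or destination
        self.learn(src, in_port, now)
        e = self.entries.get(dst)
        if dst == BROADCAST or e is None:      # broadcast mode
            return [p for p in self.ports if p != in_port]
        return [e.port]                        # unicast mode
```

Calling `learn()` for a MAC address that already has a static entry returns `False` and leaves the bound port unchanged, which is the property that makes static binding useful against spoofed source addresses.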

Configuring the MAC address table

The configuration tasks discussed in the following sections are all optional and can be performed in any order.

NOTE:

The MAC address table can contain only Layer 2 Ethernet ports and Layer 2 aggregate interfaces.

This document covers the configuration of unicast MAC address table entries, including static, dynamic, and blackhole MAC address table entries. For more information about configuring static multicast MAC address table entries for IGMP snooping and MLD snooping, see IP Multicast Configuration Guide. For more information about MAC address table configuration in VPLS, see MPLS Configuration Guide.

Configuring static, dynamic, and blackhole MAC address table entries

To help prevent MAC address spoofing attacks and improve port security, you can manually add MAC address table entries to bind ports with MAC addresses. You can also configure blackhole MAC address entries to filter out packets with certain source or destination MAC addresses.

Adding or modifying a static, dynamic, or blackhole MAC address table entry globally

Follow these steps to add or modify a static, dynamic, or blackhole MAC address table entry in system view:

To do… | Use the command… | Remarks
Enter system view | system-view |
